filter traffic from lan to use different wan circuits

JATINDER KUMAR · ‎02-28-2012

Dear friends..

i have few lines to be exact 3 lines coming on one router i want my LAN users (Single Subnet) .. few to use one circuit to go to wan .. other to use second circuit and rest to use the the thirr or may be in future again divided into forth or fifth circuit ..

dont know if this can be possible via PBR .. please advice with some configuration guidance .. how can i achive this .. thanks for the time and help

jigardavenm · ‎02-28-2012

ip route 192.168.10.0 0.0.0.255 10.10.10.1 ---- lets say your subnet 1 users will go to 10.10.10.1

ip route 192.168.100.0 0.0.0.255 20.20.20.1 ---- lets say your subnet 2 users will go to 20.20.20.1

ip route 192.168.200.0 0.0.0.255 30.30.30.1 ---- lets say your subnet 3 users will go to 30.30.30.1

JATINDER KUMAR · ‎02-28-2012

jigar sir .. read my post ... its a single lan subnet ... three wan lines ..

ramdane.airdahmane · ‎02-29-2012

its depend,

tell me, the three connection are puted in the same router or in different router,

i must have more information,

or if you can post a picture of your architecture

JATINDER KUMAR · ‎02-29-2012

.. nice question .. all three lines on same router .. and my setup is already explained on thread start..

Thotsaphon Lueangwattanaphong · ‎02-29-2012

Hello,

PBR is good to go for load-sharing. If NAT is there, you may need to read the document below.

Ref: http://www.cisco.com/en/US/tech/tk648/tk361/technologies_configuration_example09186a0080950834.shtml

HTH,

Toshi

satya mothukuri · ‎03-01-2012

Hi,

1st you have to div your singe network into 3 subnets.

then for ex if your network is 10.126.251.X

access-list 100 deny ip 10.126.251.0 0.0.0.A any

access-list 100 deny ip 10.126.251.0 0.0.0.B any

access-list 100 permit ip any any

access-list 101 deny ip 10.126.251.0 0.0.0.C any

access-list 101 deny ip 10.126.251.0 0.0.0.B any

access-list 101 permit ip any any

access-list 102 deny ip 10.126.251.0 0.0.0.A any

access-list 102 deny ip 10.126.251.0 0.0.0.C any

access-list 102 permit ip any any

!

route-map test permit 10

match ip address 100

set ip next-hop (To router 1)

route-map test permit 20

match ip address 101

set ip next-hop (To router 2)

route-map test permit 10

match ip address 102

set ip next-hop (To router 3)

interface lan.

ip policy route-map test

hope it works

Regards,

Satya.M

Latchum Naidu · ‎03-01-2012

Hi Jatinder,

You can go with PBR, with this you can shape the traffic in which way you want.
See the below example config may helps you.

ip accesslist ext 150
permit 192.168.2.0 0.0.0.255 any
deny any any

ip accesslist ext 151
permit 192.168.3.0 0.0.0.255 any
deny any any

ip accesslist ext 152
permit 192.168.4.0 0.0.0.255 any
deny any any

route-map WAN1 permit 10
match ip address 150

route-map WAN2 permit 10
match ip address 151

route-map WAN3 permit 10
match ip address 152

!
interface 1provider
ip policy route-map WAN1

interface 2provider
ip policy route-map WAN2

interface 3provider
ip policy route-map WAN3

Please rate the helpfull posts.
Regards,
Naidu.

JATINDER KUMAR · ‎03-01-2012

guys guys... i thnk we are missing something .. i cant change my lan subnet .. i need to keep all of them in one subnet.. please advice if this is possible or not ..

satya mothukuri · ‎03-01-2012

Hi,

Not Possibel.

Regards,

Satya.M

jigardavenm · ‎03-01-2012

Jatinder, I think you need to read some CCNP related books and try to search this one on internet. if you find anything that is doable the way you want, we are happy to get it informed by you in future.

ramdane.airdahmane · ‎03-13-2012

sorry for my late i was in travel;

i think the best way is to do 3 nat session ;

example with 4 eth ( 3 wan e0 to e2 and 1 inside e3)

you must creat 3 acl with fragment of your lan example

acces-list 1

acces-list 2

acces-list 3

and after configure the 3 wan interface with ip nat outside

inte fas eth 0 -2

ip nat outside

and

inte fas eth 3

ip nat inside

after with acces list do different session on nat

ip nat inside source list 1 interface Ethernet 0 overload

ip nat inside source list 2 interface Ethernet 1 overload

ip nat inside source list 3 interface Ethernet 2 overload

i thik its work very good.

regards